fix(db-mongodb): bump mongoose to 8.22.1 for GHSA-wpg9-53fq-2r8h

[jacobsfletch]

Closes #16650.

Bumps mongoose from 8.15.1 to 8.22.1 in @payloadcms/db-mongodb.

Also bumps mongodb from 6.16.0 to 6.20.0 in @payloadcms.db-mongodb to match a transitive dependency within mongoose and prevent duplicative installations.

The mongoose@8.15.1 package is affected by GHSA-wpg9-53fq-2r8h (high severity NoSQL injection via improper $nor sanitization in sanitizeFilter). Patched in >= 8.22.1.

Note: there was a breaking change in v8.17 introduced by Automattic/mongoose#15547. This change removed various properties from the MongooseUpdateQueryOptions type, specifically: lean, projection, and new. Using these args throws TS errors.

Instead, we rely on the more broad QueryOptions type, and then isolate the options per operation.

Related #16688.

---

• To see the specific tasks where the Asana app for GitHub is being used, see below:
  • https://app.asana.com/0/0/1214892618486232

[github-actions]

📦 esbuild Bundle Analysis for payload

This analysis was generated by esbuild-bundle-analyzer. 🤖
This PR introduced no changes to the esbuild bundle! 🙌